A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files, or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)

A flaw was found in the Java plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to access local network services. (CVE-2008-1195)

All users of java-1.6.0-ibm are advised to upgrade to these updated packages, which contain IBM's 1.6.0 SR1 Java release that resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188